Update some dependencies to address an npm audit warning

[adrianschmidt]

Summary by CodeRabbit

• Chores

  • Updated linting tooling to the latest versions for improved stability.
  • Upgraded development dependencies to keep the project current.

• Style

  • Adjusted linting configuration for TypeScript files to allow array reversal without warnings.

No user-facing changes.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

📝 Walkthrough

Walkthrough

Updates ESLint tooling: adds a rule override in eslint.config.mjs and bumps devDependencies (@limetech/eslint-config to ^4.0.0, eslint to ^9.34.0) in package.json. No runtime or public API changes.

Changes

Cohort / File(s)	Summary
ESLint tooling updates eslint.config.mjs, package.json	eslint.config.mjs: Added unicorn/no-array-reverse: 'off' under TypeScript rules with a note about TS 5.2+ and es2023. package.json: Bumped devDependencies @limetech/eslint-config ^3.0.1→^4.0.0 and eslint ^9.33.0→^9.34.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch update-deps

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

‼️ IMPORTANT
Auto-reply has been disabled for this repository in the CodeRabbit settings. The CodeRabbit bot will not respond to your replies unless it is explicitly tagged.

• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Documentation has been published to https://lundalogik.github.io/lime-elements/versions/PR-3657/

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled
• Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between c68afb7 and c70f6fe.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (2)

• eslint.config.mjs (1 hunks)
• package.json (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Docs / Publish Docs
• GitHub Check: Build
• GitHub Check: Test

🔇 Additional comments (1)

package.json (1)

40-40: Bump @limetech/eslint-config → v4.0.0: peers satisfied, but audit warnings remain

• Peer dependencies

  • @limetech/[email protected] only requires eslint >= 9; you’re on [email protected] and npm ls shows no unmet peers.
  • It brings in @typescript-eslint/[email protected], @typescript-eslint/[email protected] and [email protected] with no version conflicts. You may still want to confirm that TS 4.9.5 is fully supported by TS-ESLint v8.40.

• Audit status

  • After installing, npm audit reports 12 vulnerabilities (2 moderate, 10 high), including:
    • jsonpointer (Prototype Pollution)
    • marked (Inefficient RegExp)
    • tar-fs (Path Traversal)
    • trim (ReDoS)
    • ws (DoS)
  • These stem from dev-only packages (@rjsf/core, typedoc/kompendium, puppeteer/puppeteer-core).

Next steps

• Decide whether to run npm audit fix (with --force) now and absorb any breaking bumps, or schedule a follow-up PR to update those dev dependencies.

[lime-opensource]

🎉 This PR is included in version 38.22.1 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀